Hello all, I've relayed questions about the specifics of the attack and generous offers from Jacob and Hal to our tech team -- thank you both.
And I appreciate the discussion front the list. Some are raising questions about the accuracy of our description of the attack. Judges more informed than I will have to make that call -- but I have no reason not to trust the organization. Its integrity is one reason I work here :) But accuracy aside -- others are questioning whether fundraising off the back of a DDOS is "tasteful" and implied that raising more funds than what is needed for defending against the attack (for added bandwidth, say) is disingenuous. Here's where I object, and suggest these critics broaden their definition of defense. First, I think our email was clear about the dual objective of the fundraiser: donate to an Avaaz defence fund to take our security to the next level, and > show our attackers that whatever they throw at us only makes us stronger. And again, I'm not a security expert -- but growing stronger from attacks seems like a pretty good security objective to me. Fundraising is the best way that most of our members can help support it (great if members of this list can contribute their time/expertise to the same ends). Allow me to belabor the point: When I worked at Rainforest Action Network, we came under a different of kind of attack in 2002 when US logging giant Boise Cascade sent letters to RAN's individual and foundation donors calling us “illegal, anti-business, and anti-American.” We responded with an essentially identical strategy -- a fundraising appeal to show that attempts to take us down would only make us stronger. Long story short: it worked. We raised a bunch of money, invested it in the campaign, and kicked Boise's ass.<http://www.utwatch.org/oldnews/wsj_boise_9_03_03.html> Then shortly after in 2003, the House Ways and Means Committee subpoenaed every record <http://www.civilliberties.org/RAN.html> related protests organized by RAN since 1993 in a bid to revoke our tax-exempt status. Again, big fundraiser, big response, reinvestment (this time in big legal guns). Ultimately the Committee backed down and we became a stronger organization. Crying wolf or hyping threats that don't exist would be worthy of ridicule. But suffice it to say, I think fundraising in response to legitimate attacks is totally legit. Others? -Brant On May 6, 2012, at 3:03 AM, "Jillian C. York" <[email protected]> wrote: Hi Brant, You may not want to share it list-wide, but there is certainly interest in disclosing to trusted members of the security community. That said, I'm also not a security expert, so I'm hoping that perhaps Hal Roberts or Jake Appelbaum might jump in and say something here. Best, Jillian On Sun, May 6, 2012 at 11:29 AM, Brant Olson <[email protected]> wrote: > > > Regrets. I had intended to send this to the full list. > > I'm asking about specific interests because I suspect (but don't yet know) that we have specific interests in not disclosing information -- such as that which may make another attack more likely/difficult to defend against. > > Unsure whether this info would fit that bill or not. Perhaps someone here could speculate. > > -Brant > > > Begin forwarded message: > > From: Brant Olson <[email protected]> > Date: May 5, 2012 1:03:19 PM PDT > To: Eric S Johnson <[email protected]> > Subject: Re: [liberationtech] Avaaz > > These are helpful - thank you Eric. > > I'm not familiar with the list, and I'm not a security expert, so pardon me for asking but is there an interest in this information beyond curiosity? > > -Brant > > > > > > > On May 5, 2012, at 11:00 AM, Eric S Johnson <[email protected]> wrote: > > Brant, what was the attack’s size? > > > > What was done to repel it? > > > > Any idea who was behind the attack, or what its specific purpose was? > > > > If you’re on the LibTech list, it sounds as if these are questions the list members would love to learn about. > > > > Best, > > Eric > > PGP > > > > From: [email protected] [mailto: [email protected]] On Behalf Of Brant Olson > Sent: Friday, 04 May 2012 17:10 > To: Yosem Companys > Cc: Liberation Technologies > Subject: Re: [liberationtech] Avaaz > > > > Sure enough. Howdy folks. Brant here. > > > > I'm not on the team responding to the DOS attack, but I can take any questions or concerns and report back. > > > > Fire away! > > > > -Brant > > > > > On May 4, 2012, at 3:07 PM, Yosem Companys <[email protected]> wrote: > > I believe someone from the Avaaz team has just joined our list, so if you have questions for Avaaz, now would be the time to ask. > > > > Yosem > > _______________________________________________ > liberationtech mailing list > [email protected] > > Should you need to change your subscription options, please go to: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" > > You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech > > Should you need immediate assistance, please contact the list moderator. > > Please don't forget to follow us on http://twitter.com/#!/Liberationtech > > > _______________________________________________ > liberationtech mailing list > [email protected] > > Should you need to change your subscription options, please go to: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" > > You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech > > Should you need immediate assistance, please contact the list moderator. > > Please don't forget to follow us on http://twitter.com/#!/Liberationtech -- +1-857-891-4244 | jilliancyork.com | @jilliancyork "We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality" - Vaclav Havel -- Brant Olson Program Manager AVAAZ p: (+01) 415-562-7268 e: [email protected] s: branto1887 t: @branto
_______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
